Advisories » MGASA-2019-0329

Updated libjpeg packages fix security vulnerability

Publication date: 19 Nov 2019
Modification date: 19 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-2201

Description

The updated packages fix a security vulnerability:

Several integer overflow issues and subsequent segfaults occur in
libjpeg-turbo when attempting to compress or decompress gigapixel
images. (CVE-2019-2201)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25296
• https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
• https://source.android.com/security/bulletin/2019-11-01
• https://www.openwall.com/lists/oss-security/2019/11/11/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2201

SRPMS

7/core

• libjpeg-2.0.3-1.mga7